<?php

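	// Handles a posted "buzz" comment: stores the message, runs the mobile and
	// e-mail notification includes, optionally records an activity entry, and
	// then includes gen_buzz.php. An empty comment only prints a notice.

	// Silence everything while the session starts, then report E_ERROR only.
	error_reporting(0);
	session_start();
	error_reporting(1);
	
	require_once "../common/PinSQL.obj";
	$pinSQL = new PinSQL();
	
	// NOTE(review): nothing in this script checks that $_SESSION["id"] is set or
	// that the request carries an anti-CSRF token; confirm both are enforced elsewhere.
	$touser = $_POST["destuser"];
	$fromuser = $pinSQL->GetUsername($_SESSION["id"]);
	$message = $_POST["comment"];
	
	// Request data arrives pre-slashed when magic_quotes_gpc is on; undo that for
	// the recipient name so it is escaped exactly once below.
	$touser_raw = $touser;
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
		$touser_raw = stripslashes($touser_raw);
	
	// Every value placed inside a quoted SQL literal goes through the
	// connection-aware escaper. The recipient name comes straight from the
	// request and was previously concatenated into three statements unescaped.
	// $touser and $fromuser keep their original values because the included
	// scripts share this scope and may read them.
	// presumably the PinSQL constructor opens the default mysql link that the
	// bare mysql_* calls rely on; TODO confirm
	$touser_safe = mysql_real_escape_string($touser_raw);
	$fromuser_safe = mysql_real_escape_string($fromuser);
	// The message is escaped as received (not unslashed first), so the stored
	// text is the same as with the previous addslashes() call.
	// NOTE(review): the message is stored unencoded; confirm gen_buzz.php
	// HTML-encodes it on output.
	$message_safe = mysql_real_escape_string($message);
	
	if ($message != "")
	{
		$inserted = mysql_query("INSERT INTO buzz
		(touser, fromuser, message)
		VALUES('$touser_safe',
		'$fromuser_safe',
		'$message_safe') ");
		if (!$inserted)
		{
			// Keep the database error in the server log instead of echoing
			// schema and query details to the client.
			error_log("buzz insert failed: " . mysql_error());
			die("Your buzz could not be saved.");
		}
		
		// mobile notification
		// $pinSQL, $message, $subject and $id are set before the include;
		// presumably mobile_notify.php reads them (verify against that file).
		$subject = " Pin Project buzz from $fromuser! ";
		$pinSQL->Query("SELECT * FROM members WHERE username='$touser_safe'");
		$row = $pinSQL->FetchNextRow();
		$id = $row['id'];
		include "mobile_notify.php";
		
		// email notification
		$realname = $pinSQL->GetUserField($fromuser, "firstname") . " " . $pinSQL->GetUserField($fromuser, "lastname");
		// Both name fields empty leaves only the joining space; fall back to the username.
		if ($realname == " ")
			$realname = $fromuser;
		$subject = "$realname wrote on your buzz on The Pin Project...";
		$messageEmail = "$realname wrote something on your buzz:"
		. "\n\n\"" . stripslashes($message) . "\""
		. "\n\n___________________________________"
		. "\nVisit the Pin Project: http://www.pinproject.com"
		. "\nYou are receiving this message because e-mail notifications are turned on. You can turn them off in your profile settings.";
		include "email_notify.php";
		
		$username = $_SESSION['destuser'];
		
		// Record the activity entry only when the poster's "postbuzz" privacy field is 1.
		if ($pinSQL->GetPrivacyField($_SESSION['id'], "postbuzz") == 1)
		{
			// NOTE(review): the user= value in url_1 is SQL-escaped but not
			// URL-encoded; confirm how url_1 is rendered before changing it.
			$pinSQL->Query("INSERT INTO activity
			(event_type, by_user, param_1, param_long, url_1)
			VALUES('new-buzz', '$fromuser_safe', '$touser_safe', '$message_safe',
			'/members/frame.php?page=profile&tab=buzz&user=$touser_safe') ");
		}
		
		include("gen_buzz.php");
	}
	else
	{
		echo "\n<br><i>You didn't write anything.</i><br>";
		$username = $_SESSION['destuser'];
		include("gen_buzz.php");
	}
	
	mysql_close();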


?>